first commit

2026-04-16 11:17:18 +08:00
commit 5b9c398e68
98 changed files with 8701 additions and 0 deletions
--- a/app/middleware/Cors.php
+++ b/app/middleware/Cors.php
@@ -0,0 +1,46 @@
+<?php
+namespace app\middleware;
+
+use Webman\Http\Request;
+use Webman\Http\Response;
+use Webman\MiddlewareInterface;
+
+class Cors implements MiddlewareInterface
+{
+    public function process(Request $request, callable $handler): Response
+    {
+        $origin = (string)$request->header('origin', '');
+        $allow = trim((string)(getenv('CORS_ALLOW_ORIGINS') ?: '*'));
+        $allowOrigin = '';
+
+        if ($allow === '*') {
+            $allowOrigin = '*';
+        } else {
+            $allowList = array_values(array_filter(array_map('trim', explode(',', $allow))));
+            if ($origin !== '' && in_array($origin, $allowList, true)) {
+                $allowOrigin = $origin;
+            }
+        }
+
+        $headers = [
+            'Access-Control-Allow-Methods' => 'GET,POST,PUT,PATCH,DELETE,OPTIONS',
+            'Access-Control-Allow-Headers' => 'Content-Type, Authorization, X-Requested-With',
+            'Access-Control-Max-Age' => '86400',
+        ];
+
+        if ($allowOrigin !== '') {
+            $headers['Access-Control-Allow-Origin'] = $allowOrigin;
+            if ($allowOrigin !== '*') {
+                $headers['Access-Control-Allow-Credentials'] = 'true';
+            }
+        }
+
+        if (strtoupper($request->method()) === 'OPTIONS') {
+            return response('', 204)->withHeaders($headers);
+        }
+
+        $response = $handler($request);
+        return $response->withHeaders($headers);
+    }
+}
+
--- a/app/middleware/StaticFile.php
+++ b/app/middleware/StaticFile.php
@@ -0,0 +1,42 @@
+<?php
+/**
+ * This file is part of webman.
+ *
+ * Licensed under The MIT License
+ * For full copyright and license information, please see the MIT-LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @author    walkor<walkor@workerman.net>
+ * @copyright walkor<walkor@workerman.net>
+ * @link      http://www.workerman.net/
+ * @license   http://www.opensource.org/licenses/mit-license.php MIT License
+ */
+
+namespace app\middleware;
+
+use Webman\MiddlewareInterface;
+use Webman\Http\Response;
+use Webman\Http\Request;
+
+/**
+ * Class StaticFile
+ * @package app\middleware
+ */
+class StaticFile implements MiddlewareInterface
+{
+    public function process(Request $request, callable $handler): Response
+    {
+        // Access to files beginning with. Is prohibited
+        if (strpos($request->path(), '/.') !== false) {
+            return response('<h1>403 forbidden</h1>', 403);
+        }
+        /** @var Response $response */
+        $response = $handler($request);
+        // Add cross domain HTTP header
+        /*$response->withHeaders([
+            'Access-Control-Allow-Origin'      => '*',
+            'Access-Control-Allow-Credentials' => 'true',
+        ]);*/
+        return $response;
+    }
+}